Corporate honchos on the radar of cyber criminals; I4C warns of 'Boss Scam'

New Delhi | The Indian Cyber Crime Coordination Centre (I4C) has warned of a sophisticated fraud campaign, "Boss Scam", targeting corporate leaders by compromising the devices of senior executives and their messaging accounts, before directing employees to make fraudulent financial transfers.

In a carefully calibrated deception, scammers contact chief executives or other high-ranking officials via email and WhatsApp, posing as regulators from the Reserve Bank of India. They threaten the victim with violations and urgent deficiencies and direct immediate action, creating a climate of manufactured pressure.

The hackers deliver their malware to the devices used by senior corporate leaders as a compressed ZIP archive containing an executable program accompanied by a Dynamic Link Library (DLL) file.

"When the executive extracts and executes the file on a Windows desktop or laptop, a Trojan dropper is initiated. The malware establishes a persistent foothold, compromises the system, and hijacks the active Web WhatsApp session tokens," the I4C said in a statement.

The malware establishes persistence on the device, compromises its security controls and captures active Web WhatsApp session tokens, effectively granting attackers access to the executive's authentic messaging account.

Armed with that access, fraudsters can operate from a position of unusual credibility. Messages sent from the executive's genuine WhatsApp account are then directed to finance and accounts staff, instructing them to transfer money immediately to designated bank accounts controlled by criminal networks, it said.

The I4C has also noted a more invasive variant where the hackers, after achieving extensive control over a device, secretly alter contact records, saving an attacker-controlled number under the name of the company's chief executive.

The I4C has asked companies to strengthen verification procedures for financial transactions and not approve urgent payments or account changes based exclusively on WhatsApp messages or emails.

The centre has recommended confirmation through direct voice calls or face-to-face verification, and has advised against installing executable files received from unverified sources.

Regulators such as the Reserve Bank of India do not distribute mandatory software updates or security patches through WhatsApp attachments, the I4C said.

"System administrators should enforce strict software restriction policies (SRP) configurations to block the execution of unknown .exe and .dll files originating from the user profile directories," it said.
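
The path rule recommended above can be modelled for audit purposes as follows. This is an added example, not part of the I4C advisory; the `C:\Users\<name>\` profile layout, the allowlist entry and the event names are assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Assumption: profiles live under <drive>:\Users\<name>\ (the Windows default).
PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\")
BLOCKED_EXT = {".exe", ".dll"}
# Hypothetical allowlist of approved per-user software (lower-case full paths).
ALLOWLIST = {r"c:\users\finance1\appdata\local\approvedtool\approvedtool.exe"}

def normalize(path):
    """Canonicalise a Windows path so rule matching is not sidestepped
    by forward slashes, '..' segments, mixed case or trailing dots/spaces."""
    p = ntpath.normpath(path.replace("/", "\\")).lower()
    return p.rstrip(". ")

def verdict(path, allowlist=ALLOWLIST):
    """Return 'block' for an unknown .exe/.dll under a user profile."""
    p = normalize(path)
    if ntpath.splitext(p)[1] not in BLOCKED_EXT:
        return "allow"
    if not PROFILE_RE.match(p):
        return "allow"
    return "allow" if p in allowlist else "block"

# Constructed sample events (image path, event type); not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Users\ceo\Downloads\notice\viewer.exe", "process_start"),
    (r"C:\Users\ceo\Downloads\notice\helper.dll", "image_load"),
    (r"c:/users/CEO/AppData/Local/Temp/x/..\setup.EXE", "process_start"),
    (r"C:\Program Files\..\Users\ceo\Desktop\tool.dll.", "image_load"),
    (r"C:\Program Files\Vendor\app.exe", "process_start"),
    (r"C:\Users\ceo\Documents\report.pdf", "file_open"),
    (r"C:\Users\finance1\AppData\Local\ApprovedTool\ApprovedTool.exe", "process_start"),
]

def audit(events):
    """Return the normalised paths the policy would block."""
    return [normalize(p) for p, _ in events if verdict(p) == "block"]

if __name__ == "__main__":
    for hit in audit(SAMPLE_EVENTS):
        print("BLOCK", hit)
```

Running the same check over real process-start and image-load logs before enforcing the policy shows which legitimate per-user software needs an allowlist entry.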
